How is CVE-2026-36182 exploited?

Network reachability (required): The vulnerable service is reachable over the network, meaning an attacker can initiate the attack remotely without physical access to the host. Authentication (not-required): No account or credentials are required to retrieve or target the weak password hash; the attack path is open to unauthenticated parties. Victim interaction (not-required): No user action is needed; the attacker can execute the brute-force cracking attempt entirely without victim participation. Attack complexity (info): Attack complexity is low, meaning the brute-force or hash-cracking technique is reliable and requires no special environmental conditions or race timing.

What is the impact of CVE-2026-36182?

A successful attacker recovers the root password and authenticates to the device as root, gaining unrestricted command execution. Full confidentiality impact means the attacker reads any data accessible to root, including configuration secrets, stored credentials, and private key material. Full integrity impact means the attacker modifies or replaces any file or configuration on the device, including firmware, access controls, and network settings. Full availability impact means the attacker can halt services, reboot the device, or render it permanently unresponsive.

Back to search

CRITICALCVE-2026-36182Published 2026-06-04Modified 2026-06-08CNA mitre

CVE-2026-36182: GNCC GP5 v7

GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

Weak password hashing in GNCC GP5 v7 allows an unauthenticated network-based attacker to recover the root password through brute-force cracking. The device stores its root password using a weak hashing algorithm, meaning any attacker who obtains the hash (for example by reading a config file or intercepting a credential store) can crack it offline and escalate to full root privileges. Successful exploitation gives the attacker complete control over the device, with full read, write, and availability impact. No fix version has been published yet; HarborGuard tracks this advisory for patch availability.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that incorporate GNCC GP5 v7 components. Any image found carrying the affected version is flagged immediately in the customer's scan results.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 9.8 Critical (v3.1) and weighting it against each environment's compliance policy to determine urgency. Triage routing directs the finding to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

Because no upstream fix version has been published, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the interim, the advisory remains open and visible in each affected customer's finding queue.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The vulnerable service is reachable over the network, meaning an attacker can initiate the attack remotely without physical access to the host.
AuthenticationNot required
No account or credentials are required to retrieve or target the weak password hash; the attack path is open to unauthenticated parties.
Victim interactionNot required
No user action is needed; the attacker can execute the brute-force cracking attempt entirely without victim participation.
Attack complexityDetail
Attack complexity is low, meaning the brute-force or hash-cracking technique is reliable and requires no special environmental conditions or race timing.

Blast Radius

A successful attacker recovers the root password and authenticates to the device as root, gaining unrestricted command execution.
Full confidentiality impact means the attacker reads any data accessible to root, including configuration secrets, stored credentials, and private key material.
Full integrity impact means the attacker modifies or replaces any file or configuration on the device, including firmware, access controls, and network settings.
Full availability impact means the attacker can halt services, reboot the device, or render it permanently unresponsive.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-36182 is active across all customer scan pipelines, matching any image that packages GNCC GP5 v7.1.76 regardless of base image lineage. Because no upstream patch exists yet, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild automatically the moment GNCC publishes a fix. While waiting for an upstream fix, customers can apply compensating controls through HarborGuard network policies: isolating containers running affected images from untrusted network segments, restricting egress to known-good endpoints, and gating any exposed credential-store paths behind additional access controls. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will trigger without manual intervention once a fix version is published.

See how HarborGuard automates this

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Metrics

Get notified